Writing data to a running executable file
I'm trying to run a process, wait for it to finish, open the executable file, and write something to it. So I created a small "loader" which does exactly that.
This is my code:
;Run the executable
INVOKE GetStartupInfo,OFFSET startInfo
INVOKE CreateProcess, ADDR SomeExecutableFile, \
NULL, NULL, NULL, FALSE, \
NORMAL_PRIORITY_CLASS, NULL,NULL, \
OFFSET startInfo, OFFSET processInfo
INVOKE CloseHandle, processInfo.hThread
;Wait for it to finish & Close handle
INVOKE WaitForSingleObjectEx, processInfo.hProcess, INFINITE, FALSE
INVOKE CloseHandle, processInfo.hProcess
;Try to open the same exe file which just finished executing.
INVOKE CreateFile, OFFSET SomeExecutableFile,GENERIC_WRITE \
,0, 0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL, NULL
MOV hFile, EAX
.IF hFile== INVALID_HANDLE_VALUE
INVOKE MessageBox,NULL, OFFSET Problem, OFFSET Problem, MB_ICONWARNING
.ELSE
INVOKE WriteFile, hFile, Buffer, 5, OFFSET BytesWritten , NULL
INVOKE CloseHandle,hFile
.ENDIF
INVOKE ExitProcess,0
As you can see, the 'SomeExecutable' file is being run. After it stops executing, it is opened with CreateFile.
Create file fails, and I get an INVALID_HANDLE...., last error - 0x20 - ERROR_SHARING_VIOLATION.
Why does this happen?
Thoughts & Notes:
1) Creating another process from the "loader" which opens the executable file (after waiting for it to finish executing) and writes to it - it works.
2) It seems like the process is still open, i.e. the file is still mapped, which explains the error, but I don't understand why it would be mapped.
3) Debugging with Olly & ProcessExplorer I saw that indeed Olly has a handle of this file open even after the process has terminated, and all handles were closed - I don't understand why, and how the hell I can close it :)
Any ideas are welcome! :)
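One way to tell a short-lived sharing violation from a handle that another process keeps open (the situation in note 3), shown as an added example that is not part of the original post. It assumes the MASM32 SDK include paths; OpenForWriteRetry, MAX_TRIES, RETRY_DELAY_MS and ERR_SHARING are hypothetical names.

```asm
; Added example, not the poster's code. Assumes the MASM32 SDK paths below.
; OpenForWriteRetry, MAX_TRIES, RETRY_DELAY_MS and ERR_SHARING are hypothetical names.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

MAX_TRIES      equ 10        ; attempts before giving up
RETRY_DELAY_MS equ 200       ; pause between attempts, in milliseconds
ERR_SHARING    equ 20h       ; 0x20 = ERROR_SHARING_VIOLATION, as in the post

.code
; Returns a handle in EAX, or INVALID_HANDLE_VALUE with the last error preserved.
OpenForWriteRetry PROC lpFileName:DWORD
    push ebx
    push esi
    mov  ebx, MAX_TRIES
try_open:
    INVOKE CreateFile, lpFileName, GENERIC_WRITE, 0, NULL, \
           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
    cmp  eax, INVALID_HANDLE_VALUE
    jne  done                     ; opened for writing
    INVOKE GetLastError
    mov  esi, eax
    cmp  esi, ERR_SHARING
    jne  failed                   ; some other error: retrying will not help
    dec  ebx
    jz   failed                   ; still shared after MAX_TRIES attempts
    INVOKE Sleep, RETRY_DELAY_MS
    jmp  try_open
failed:
    INVOKE SetLastError, esi      ; restore the CreateFile error for the caller
    mov  eax, INVALID_HANDLE_VALUE
done:
    pop  esi
    pop  ebx
    ret
OpenForWriteRetry ENDP
END
```

If the call still fails with 0x20 after every attempt, some other process is holding the file open, and a tool such as the Process Explorer mentioned in note 3 can show which one.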
Comments (1)
1- Try to use:
CREATE_SUSPENDED should do the trick
2- Do you need to modify the file itself? Loaders usually are used to modify programs in memory. I wrote a loader some time ago with WriteProcessMemory: